- Expanding internet infrastructure and the future of digital security
- Cybersecurity in the age of digital currency
- Are emerging technologies opening new attack vectors for the hackers?
Cybersecurity or digital security is associated with the protection of computers, data, networks and programs from unauthorised and/or unintended access. This is similar to street crimes, which traditionally grew with the growth of the population. The digital world is witnessing a similar criminality in form of cybercrimes. A mass adoption of technology has made it easier for the digital perpetrators to hone cyberattacks and has heightened the guard.
According to the internetworldstats.com, there are more than 1.5 billion websites and ~4.2 billion internet users, which amounts to 54.4% of the global population (as on December 31, 2017), this is further expected to increase with the expansion of the internet infrastructure. Correspondingly, hacking attempts have also grown over time in form of sophistication, volume and impact. This has left the industry in a perennial quest for safety and security.
Moreover, according to the Cybersecurity Ventures (a cybersecurity research firm), cybercrime damaged the global economy, the cost was USD 3 trillion in 2015 and this is predicted to reach a whopping USD 6 trillion by 2021. These costs include damage and theft of data, stolen money, loss of productivity, theft of intellectual property, disruptions and investigation post attacks, restoration and repair of hacked data and systems, lawsuits over personal data from clients and reputational harm.
Furthermore, IBM in association with the Ponemon Institute reported that the average cost of data breach incidents reached USD 3.62 million in 2017 and as per the Juniper Research, the average cost of the data breach is anticipated to exceed USD 150 million by 2020 as more and more business infrastructure gets connected online.
History of data breaches
The frequency of data breach reached a massive scale with an increase in the level of severity as seen in the below charts. The average records exposed per breach has been growing in consonance with the global data volume, which has also witnessed an exponential rise. This provides a wider scope to cyber criminals to extract a substantial amount of data in a single incident. Although, the attacks are increasing across the spectrum, the hackers have diverted their focus from education to business enterprises, this shows a reversal of the trend from academic thefts to malicious/monetary intent.
Few of the biggest hacks in the past 10 years
- In 2016, during the sale negotiations with Verizon, Yahoo reported that it had been a victim of the biggest data breach in the history (December 2013) and there was a compromise on the data of 3 billion users. Hence, due to the enormity of the breach, Verizon knocked around USD 350 million off Yahoo’s sale price with an agreement to share the regulatory and legal liabilities of the breach.
- Equifax (September 2017) reported a breach of its database, which exposed personal and financial information of 143 million of its consumers.
- Adult FriendFinder an adult content and casual hookup website faced a massive data breach which exposed the data of over 400 clients along with their email ids, passwords, last usage, IP addresses, etc. Clients’ passwords were hashed with the SHA-1 hashing algorithm, which is not as cryptographically secure as per the newer algorithms in order to hack.
WannaCry and NotPetya, which are not included in the above chart are both new kinds of cyber threats known as ransomware crypto worm, these encrypt data on a computer and demand ransom from the affected users in Bitcoin cryptocurrency to regain the access on systems. These worms spread by forming copies on the network and use the EternalBlue exploit in the Windows. The worms wrecked millions of dollars and affected more than 200,000 computers across 150 countries.
Cybersecurity in cryptocurrency parlance
The emergence of cryptocurrency and data mining in the past decade has helped hackers with a new mode of attack. A rapid surge in the value of cryptocurrencies like Bitcoin, Monero, Ripple, Ethereum, etc. has caught the attention of the hacking community, which devises dexterous ways to exploit vulnerabilities in the underlying infrastructure. Further, with the advent of cryptocurrency as a medium of exchange (money), which is devoid of central banks, cryptographically securing of algorithms and anonymity of users, hackers have been able to steal billions of dollars in cryptocurrency by few strokes of a keyboard. Few noteworthy hacks in the cryptocurrency space were; Mt. Gox of USD 473 million (2014), DAO hack; USD 50 million (2016), Coincheck hack of USD 530 million (January 2018 [the biggest ever hack]) and BitGrail hack of USD 170 million (February 2018).
Additionally, the boom in the cryptocurrency has helped hackers to target every connected device including mobile, smart devices, IOT (Internet of Things) and corporate networks through a malware to leverage CPU power of devices to mine cryptocurrency. Crypto mining is a high resource (CPU) intensive process, hence, hackers implant malware through browser plugins, Android apps, multimedia files disguised as genuine content and amass an army of zombie platforms through DDoS (Distributed Denial of Service) attack to mine cryptocurrency. According to ZDNet, the Smominru botnet (a crypto mining worm) at its peak infected 526,000 servers and mined 8,900 Monero and its creator earned around USD 3.6 million (May 2017). In another report, Symantec claimed that cryptojacking (crypto mining through hijacked systems) incidents soared 8,500% in 2017 due to the astronomical rise in the value of cryptocurrencies.
Thus, in order to protect against the looming cyber threat, the global spending on cybersecurity has surpassed USD 137.85 billion (2017) and is forecasted to reach USD 231.94 billion at a CAGR of 11% by 2022 (Source: MarketsandMarkets). Cybersecurity Ventures report claimed that a total cumulative spending on the cybersecurity products and services is slated to exceed USD 1 trillion in the next five years (2017-21).
Consequently, players in the cybersecurity industry are gung-ho to encash the rising tide of corporate and personal spending on the security products. This is evident from the uptrend in revenue, research and development expenses of the cybersecurity firms.
Note: Above data represents 24 listed pure-play cybersecurity companies, which are as follows; Absolute Software, Check Point Software Technologies Ltd., CyberArk Software, Ltd., F-Secure, FireEye Inc., Fortinet Inc., Gemalto, Imperva Inc., KEW Holding Corp., ManTech International Corp., MobileIron, Palo Alto Networks, Proofpoint, Qualys, Radware Ltd., Rapid7, SecureWorks Corp., Sophos, Splunk Inc., Symantec Corp., Trend Micro Inc., VASCO Data Security International Inc., VeriSign Inc., Zix Corporation.
Bessemer Venture Partners (a private equity firm) compiled the index of the above mentioned 24 cybersecurity companies and compared the return from the US equity market benchmarks. The cybersecurity index beat the diversified benchmark; S&P 500 by a wide margin of 82%. Similarly, it beat the tech-heavy index Nasdaq by 27% over a period of 7.25 years from January 2011 to March 2018.
The phenomenal pace at which technology is assimilating itself in the society has also broadened cyberattacks with the furtherance of newer technologies like artificial intelligence (AI) and machine learning. These are changing the security landscape for cyber attackers as well as defenders. Fully autonomous AI based attacks will decide the course of attack and action without a human intervention and will defenders be using similar tools to guard their turf is yet to be seen. Globally, governments and businesses are engaged in multilateral discussions for protection against the imminent threat of cyberattacks and are streamlining policies to uphold transparency and accountability.
In addition, the General Data Protection Regulation (GDPR) by the European Union for protection of citizen privacy is going to take effect from May 2018, which could impose a fine of up to 4% of the annual global revenue against businesses (processing the personal data of data subjects, residing in the Union) in breach of its guidelines. The GDPR combined with the rise of Internet of Things (IOT) and cryptocurrency has opened a multitude of revenue streams for cybersecurity companies. Therefore, the future of the players in the cybersecurity industry is nothing but seems exciting and promising.